My new job often has me staying in hotels for extended periods of time and requires me to send in sensitive information over the hotel's network. What would my options to improve security be? VPN tunnel to my home network?

And this info your sending over the net is in clear text? I would have to hope your using a SSL/TLS connection to send this info?

I work on short-term projects with various companies for short durations (two to six weeks). Nobody provides secure methods of doing anything. On top of that, I still have to do all my personal stuff online over completely open hotel networks. So far, I've just been having my wife take care of it all. Most of what I'm protecting is my personal information. I'd like to be able to do this all in a more secure setting than completely-wide-open-hotel-network.

And your sending email over just HTTP? You sending directly to some box using smtp? Not inside a TLS connection?

Who do you use for email? Google provides https for your email, etc.

Even if you run a vpn to your home.. Where is the email server.. That traffic is going to be in the clear from your home network or where ever the vpn end point is to the email server. And then when that email gets sent to dest, its going to be in the clear as it gets sent to the recv server.

Email is sent all over the internet in clear.. Not sure why you would be worried about the traffic between you and the server, when from that server to where you sending is open You could always encrypt your email if you worried about the security of email. But a vpn does not really solve that issue in general.

To correctly secure what your worried about, we need to understand what it is your worried about. Sure a vpn would hide the traffic from the local network your on to where the vpn endpoint is. But what are you moving over the local network that would be of concern.. Most anything that would be of concern should already be inside a endpoint to endpoint encryption method. HTTPS for example. This secures your traffic from your client to the endpoint. So a VPN does not really provide any more security for that sort of connection.

- I have a Cisco PIX 515 that was picked up for cheap, running the latest software and it supports IPSec VPN clients
- I tunnel into my home network via the Pix and since I do not enable split-tunneling, all vpn internet traffic is hair-pined back out the outside interface of the PIX. Thus it's like i'm surfing from home.

Alternatively, you can setup an RDP server at your home, with SSL and NLAuthentication that you surf/send your email with at your home network. I know how you feel surfing on a public wifi network... Even the neowin login page is not encrypted...

Very valid point!! But then again its not encrypted when you log int from your house either So anyone between your house and neowin could in theory see that traffic. Which is an issue I will be posting about in a few minutes to be sure.

If that sort of thing is his concern, then yes a vpn would keep people on that local wifi network from sniffing his traffic and seeing his neowin login. Last I checked neowin wasn't a bank Is someone going to login as you and make some bad posts? All kidding a side that is a valid example.

But you don't need a pix at home to secure his traffic from local wifi - simple ssh tunnel to something outside, home, vps, etc.. would secure such traffic.

But you don't need a pix at home to secure his traffic from local wifi - simple ssh tunnel to something outside, home, vps, etc.. would secure such traffic.

of course not, it's a convenient leftover from my ccnp heh. The thing I am concerned with is not once you leave the local net but packet sniffers on the same snet sharing the free open wifi at the hotel... There if you surf to and log in to sites like neowin is where passwords get compromised

I hear you - and just posted about the login being in the clear on the site issue section. That needs to be corrected!!! That is BAD PRACTICE for something like that to be in the clear.

You would hope most sites would not be setup as such - but you make a valid point! And yes the way to secure such things from the local wifi sniffers (guy next room maybe) Or at an airport would be with a vpn or tunnel to something outside that location.

Problem is that solution does not actually fix the root of the problem - that the username and password would be sent in the clear is the root of the problem. And I am hoping that is just a oversite on neowins part. Most sites should not have such info in the clear -- does not mean they can not intercept your cookies if that is not encrypted as well and get logged in as you, etc..

So again you make a valid point -- what I was fishing for was the OP to state such concerns. As I stated before you have to understand what your worried about or the details of the security problem to make sure you secure it correctly.